Thursday, July 16, 2015

The Wingtip Club in San Francisco is a renovated 13,000 square foot duplex penthouse decorated in the old Gold Coast style atop the historic 1908 Bank of Italy building in downtown San Francisco. On Oct 6, 2015 it will be the venue for the most unique and luxurious Suits and Spooks event that we've ever held.

Taia Global and our event sponsors including Norse Corporation are picking up the tab for this full day of security talks and networking with intelligence veterans and executives from entertainment, banking, security, and technology companies.

Our speakers include:

David Fichtner: David Fichtner served 27 years at the CIA working on Soviet Military Forces, Nuclear Weapons Security, Proliferation issues, and information operations. While at CIA, Mr. Fichtner was selected for the Congressional Fellows Program serving on Senator John McCain’s staff. He is also a graduate of the Navy Fighter Weapons School (Topgun) and a designated Air Combat Tactics Instructor. Since retiring, Mr. Fichtner has worked as a consultant on Russian Intelligence services IO for Taia Global.

Christopher Burgess: Served 30+ years with the Central Intelligence Agency, serving in South Asia, Southeast Asia, the Middle East, Central Europe and Latin America. Currently the co-founder, President and CEO of Prevendra

Kurt Stammberger: Founder of the RSA Conference, expert in cryptography, threat intelligence, and security business strategy. Currently Senior VP of Marketing at Norse Corporation.

Jeffrey Carr: Founder, Taia Global and the Suits and Spooks conference; author and consultant to U.S. and foreign multinational corporations and government agencies.

Speakers and attendees will enjoy the Wingtip's new "Wine Cave" as their venue for this all-day event starting with a continental breakfast at 9am, lunch at 1pm, and a Whiskey tasting at 5pm.

Unlike other Suits and Spooks events, this will be limited to 30 invited attendees at the Director-level or above from industries including technology, aerospace, entertainment, banking, and biomedicine.

If you'd like to receive an invitation or discuss sponsorship options, please contact Taia Global. Both the number of sponsors and the number of attendees are limited so act soon.

Sunday, July 12, 2015

I'm thrilled to announced that our Suits and Spooks DC event for Feb 11-12, 2016 will be held at the National Press Club. We're going to be doing a lot of things differently including offering live streaming tickets for those who can't attend in person thanks to the National Press Club's wonderful in-house AV system.

Our event will be broken down into four 4-hour blocks, each with a designated theme:

Thursday, July 9, 2015

The Office of Personnel Management just released the steps that it has taken to protect over 21 million federal employees whose data was stolen in what may be the worst cyber security breach in history. Now keep in mind that these steps were selected during a time of high criticism against the agency and its director Katherine Archuleta. So I think that it's safe to say that it represents the best effort of Director Archuleta and presumably the new cyber security advisors that she brought onboard post-breach.

Here are the steps:

Providing a comprehensive suite of monitoring and protection services for background investigation applicants and non-applicants whose Social Security Numbers, and in many cases other sensitive information, were stolen.

Helping other individuals who had other information included on background investigation forms.

Establishing an online cybersecurity incident resource center.

Establishing a call center to respond to questions.

Developing a proposal for the types of credit and identity theft monitoring services that should be provided to all Federal employees in the future.

This reminded me of the letter that I received from Premera when they got breached (my wife and I were Premera customers), and had my USCG Top Secret security clearance still been active, I would have received an almost identical letter from OPM.

Then the realization hit me.

In crafting the above 5 steps, OPM revealed why it had been hacked so easily. It's because they didn't know (and still don't know) the intelligence value of what they had been trusted to protect - the SF-86 data. SF-86 forms are 120+ page monsters that consume your entire personal history along with all of your affiliations and points of contact in your personal, educational, and professional life. Clearance holders are interviewed every year so the information is kept current including foreign travel and foreigners that you've interacted with.

Now imagine that you work for a foreign intelligence service and I was a hacker who was offering you a chance to buy the SF-86 forms for every soldier serving in the Special Operations component commands of the Navy, Army, Air Force and Marines. These are the individuals who are responsible for direct action, counter-terrorism, snatch and grab, counter-narcotics, reconnaissance and who knows how many other secret operations.

Perhaps you work for a large South American drug cartel. How much would you be willing to pay for the SF-86 on every Drug Enforcement Agency employee who holds a clearance? If you had OPM's files and access to a data-mining tool like i2, Maltego, or Palantir, you could construct models that would reveal who was working a counter-narcotics operation in Medellín last year based upon their SF-86 foreign travel updates.

Imagine that you were looking to convince a U.S. government employee to work for you under threat of blackmail. The OPM database would provide you with a way to filter for those with backgrounds that make them highly vulnerable to extortion demands because the background investigators who conduct the interviews are looking for precisely that kind of information!

WHEN PROTECTING SOMETHING VALUABLE,

YOU MUST FIRST KNOW ITS VALUE.

When we speak with clients at Taia Global, the very first thing we do is show them how valuable their IP (intellectual property) is to foreign governments. We call that Target Asset Value™. Once the client understands his company's TAV, the client can properly evaluate what measures to put into place to protect the company's assets.

OPM clearly did not understand the concept of Target Asset Value as it relates to the government employees whose data they were responsible for. If they did, they wouldn't have proposed credit monitoring protection as a solution when the threats are so much greater than simple identify theft or an Amazon shopping spree. OPM's current solution is wholly inadequate and will continue to be so until Director Archuleta and her staff come to grips with the true value of the data that they were entrusted with, and lost.